CVE-2023-39287

MEDIUM

Mitel MiVoice Connect <19.3 SP3 - Command Injection

Title source: llm

Description

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic.

References (2)

[Vendor Advisory] https://www.mitel.com/support/security-advisories

[Vendor Advisory] https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0010

Scores

CVSS v3 5.5

EPSS 0.0016

EPSS Percentile 36.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L

Classification

CWE

CWE-88

Status published

Affected Products (1)

mitel/mivoice_connect < 22.24.5800.0

Timeline

Published Aug 25, 2023

Tracked Since Feb 18, 2026